Daily NCSC-FI news followup 2020-01-25

Kyberhäiriötilanteisiin kannattaa valmistautua jo etukäteen varautumista koskevat suositukset ja sääntely koottiin yhteen

www.epressi.com/tiedotteet/tietoturva/kyberhairiotilanteisiin-kannattaa-valmistautua-jo-etukateen-varautumista-koskevat-suositukset-ja-saantely-koottiin-yhteen.html Huoltovarmuusorganisaation Digipooli ja Tietoliikenteen ja tietotekniikan keskusliitto FiCom ry ovat julkaisseet suositukset kyberturvallisuudestaan huolehtiville yrityksille sekä IT- ja tietoturvapalveluiden tarjoajille. Suosituksia tarjoillaan kolmeen vaiheeseen: ennen sopimista, palvelun ylläpidossa ja häiriötilanteissa huomioitaviin asioihin.

Does Your Domain Have a Registry Lock?

krebsonsecurity.com/2020/01/does-your-domain-have-a-registry-lock/

Hackers target unpatched Citrix servers to deploy ransomware

www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-deploy-ransomware/ REvil ransomware gang has been spotted abusing Citrix bug to infect victims.

Nice Try: 501 (Ransomware) Not Implemented

www.fireeye.com/blog/threat-research/2020/01/nice-try-501-ransomware-not-implemented.html

NSA Releases Guidance on Mitigating Cloud Vulnerabilities

www.us-cert.gov/ncas/current-activity/2020/01/24/nsa-releases-guidance-mitigating-cloud-vulnerabilities

Russian Pleads Guilty to Running ‘CardPlanet’ to Sell Stolen Credit Cards

thehackernews.com/2020/01/russian-credit-card-hacker.html Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud.

Citrix Releases Final Patch as Ransomware Attacks Ramp Up

www.bleepingcomputer.com/news/security/citrix-releases-final-patch-as-ransomware-attacks-ramp-up/ Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.

New Ryuk Info Stealer Targets Government and Military Secrets

www.bleepingcomputer.com/news/security/new-ryuk-info-stealer-targets-government-and-military-secrets/ A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.

DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs

www.bleepingcomputer.com/news/security/dos-exploit-poc-released-for-critical-windows-rdp-gateway-bugs/ A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

City of Potsdam Servers Offline Following Cyberattack

www.bleepingcomputer.com/news/security/city-of-potsdam-servers-offline-following-cyberattack/ The City of Potsdam severed the administration servers’ Internet connection following a cyberattack that took place earlier this week. Emergency services including the city’s fire department fully operational and payments are not affected.

U.S. Govt Agency Hit with New CARROTBALL Malware Dropper

www.bleepingcomputer.com/news/security/us-govt-agency-hit-with-new-carrotball-malware-dropper/ A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.